Tag Archive for Symantec

| March 13, 2012
2 comments

Detroit Safest Online City Again

Detroit Safest Online City AgainNorton, the anti-virus arm of Symantec (SYMC) teamed up with research firm Sperling’s BestPlaces to rank US cities based on a number of cybercrime risks and they found Detroit the safest online city for 2012. I wrote about Detroit’s 2011 ranking here.

DetroitBert Sperling, lead researcher for the analysis said, “By looking at data from consumer lifestyle habits as well as cybercrime data provided by Symantec, … we’re able to provide a holistic view of the various factors that put a person at potential risk.

The Huff Post reports that the study looked at the prevalence of Internet use in addition to the types of risks users face online. Consumer statistics include the number of PCs, use of smartphones, the use of social networks, e-commerce, and accessing potentially unsecured Wi-Fi hotspots. BestPlaces also looked at the following cybercrime data: bot-infected computers located within a specific city, attempted malware infections, spamming IP addresses found within a specific city, and web attacks originating within a specific city.

Wi=FiSymantec says Detroit had low scores in the number of Wi-Fi hotspots, potentially risky online consumer behavior, and PC expenditures. Other low-ranked cities include Tulsa and El Paso.

Users are at most risk for cybercrime in the following cities:

1. Washington
2. Seattle
3. San Francisco
4. Atlanta
5. Boston

SymantecWith the explosion of smartphones, tablets, and laptops in recent years, and the rise of apps and social networking sites, our online and offline lives are blending together in ways that we’ve never before experienced,” said Marian Merritt, Norton Internet Safety Advocate. “…this analysis highlights the potentially risky factors we face each time we go online. By taking a few simple precautions now, people can make sure they stay protected against online threats.”

Greg Donewar, manager of the National White Collar Crime Center told Huff Post,… over the past year, we’ve seen a considerable increase in cybercrime attacks, and whether a person lives in the riskiest online city or the safest, consumers everywhere need to be aware of the inherent dangers of online activity.

rb-

Forbes says that cyber-crime is a $37 billion crime that affects 1 in 25 Americans. Take these steps to protect yourself online:

Create better passwords. Avoid passwords like password, 123456, qwerty, abc123, or monkey, these are the top most common passwords (I have been writing about weak passwords for since 2010). Forbes says your first line of protection against cybercrime is to make sure all of your passwords follow these rules of thumb:

  • At least eight characters
  • A mix of these four types of characters: upper case letters, lower case letters, numbers, and special characters
  • Not a name, slang word, or any word in the dictionary
  • Don’t keep the same password; change it every six months
  • Have uniquely different passwords (not just slight variations of the same password) for every account and site

Monitor your financial accounts. If you shop online, use online banking, or have any personal or financial information available online, you are at risk of finance-related crimes like identity theft and fraud which Huff Post says costs the average victim $631 in out-of-pocket costs. Forbes says that one of the easiest ways to protect yourself is to monitor your credit to detect any red flags early. They recommend users set up spending limit alerts on credit cards and checking accounts to keep tabs on your balances. Automatically monitoring for suspicious activity and fraudulent accounts helps catch costly identity theft and fraud immediately.

Lockdown your smartphone. If you use your smartphone to shop, spend, socialize, and surf, your phone’s sensitive information essentially becomes a one-stop shop for cybercriminals. Forbes says if stolen or exposed to thieves, your smartphone can compromise your personal and financial information anytime and anywhere. Here’s a quick five-minute checklist from Forbes on how to properly secure your mobile phone:

  • Password-protect your phone with a complex and unique password, and set your phone so it auto-locks and never saves any passwords.
  • Enable a service with remote tracking. You can also set your phone to automatically wipe your data if your phone password is inputted incorrectly several times.
  • Turn Bluetooth off if you’re not using it. Thieves can pair their Bluetooth device with yours and hack personal information.
  • Be careful on public Wi-Fi networks where thieves can remotely access your data undetected. Only connect your phone to secure networks.
  • Before downloading any apps to your phone, always do a quick search to make sure it comes from a legitimate site or publisher. Check user reviews on sites like appWatchdog for complaints.
Related articles
  • Why you should password-protect your smartphone (ctv.ca)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| April 2, 2011
Comments Off on Adobe Notes

Adobe Notes

Malicious PDF Files Becoming the Attack Vector of Choice

Adobe PDF ZDNet points out a report from Symantec’s MessageLabs that malicious PDF files outpace other malicious attachments used in targeted attacks and now represent the attack vector of choice for malicious attackers compared to media, help files, HTMLs and executables.

The report says that office-based file formats are a popular and effective choice used in some targeted attacks. Cybercriminals attempt to bypass spam and email filters by distributing the ubiquitous PDF that is often allow to pass through these layers of protection. In 2009, about 52.6% of targeted attacks used PDF exploits, compared with 65.0% in 2010, an increase of 12.4%. MessageLabs Intelligence Senior Analyst, Paul Wood says,

PDF-based targeted attacks are here to stay, and are predicted to worsen as malware authors continue to innovate in the delivery, construction and obfuscation of the techniques necessary for this type of malware

Adobe Posts Its First Billion-Dollar Quarter

The New York Times reports that the software maker Adobe posted its first $1 billion quarter in Q4-2010. Revenue rose 33 percent to $1.01 billion from $757 million last year. Adobe, which is based in San José, CA makes Photoshop, Acrobat, and Flash software.

Targeted attacks exploiting PDF bugs are soaring

Help Net Security reports that Adobe is having a hard time fighting its bad reputation when it comes to products riddled with vulnerabilities. Help Net Security references a report from F-Secure’s Lab which says that Adobe Reader exploits are becoming the weapon of choice for many cybercriminals.

F-Secure

This makes patching and updating eminently important. As an example the latest critical vulnerability (CVE-2010-0188) which Adobe warned users to update the software to the latest version. Users who missed the memo are vulnerable, F-Secure (FSC1V) warns it is being exploited in the wild.

Upon loading the PDF file, an embedded executable is dropped on the victim’s hard disc and it immediately tries to connect with tiantian (.) ninth (.) biz to download other files.

F-Secure has warned long ago about security problems plaguing Adobe’s most famous software. The security firm has even advised users to start using an alternative PDF reader. According to Help Net Security Adobe’s, decision to schedule their updates to follow Microsoft’s Patch Tuesday is a step in the right direction.

Malicious PDF spam with Sality virus

Help Net Security highlights a Sophos warning that a malicious email containing the following text has been dropped into inboxes around the world:

Hey man..
Remember all those long distance phone calls we made.
Well I got my telephone bill and WOW.
Please help me and look at the bill see which calls where yours ok..

Sophos logoYou surely don’t remember such an occurrence or the sender of the email, since this is just a ploy to make you open the PhoneCalls(.)pdf attachment, but don’t let your innate curiosity get the better of you.

The attached file can exploit a vulnerability in how Adobe Reader handles TIFF images and proceeds to download and execute a Trojan that loads the Sality virus into your system’s memory. The virus then proceeds to append its encrypted code to executable files, deploys a rootkit, and kills anti-virus applications.

Sophos reminds everyone that opening documents attached to unsolicited emails is like the online equivalent of Russian roulette – the odds are stacked heavily against you.

Adobe, The New King Of Security Holes

Information WeekAdobe reports that Microsoft (MSFT) has spent more than a decade improving its secure software development and its response to security exploits. As a result, Microsoft is losing the lead in security vulnerabilities and being replaced by Adobe (ADBE).

With Microsoft’s improved response to security holes, the pickings in Windows itself are getting slimmer. Attackers don’t have brand loyalty, so they’ve moved on to another company with lots of PC installed base: Adobe. Security holes are being exploited in Adobe Reader and Illustrator. Adobe makes this problem worse because it has bundled unwanted applications and their AIR software platform with their free applications like Adobe Reader. Adobe is looking to create an attractive installed base for their developers, but they are also creating an attractive attack surface for the bad guys.

Protecting yourself from Adobe’s security holes can be difficult.  There are non-Adobe solutions such as Foxit Reader, which is much faster and lighter than Adobe Reader but has had problems with  PDF documents with editable fields. InfoWeek provided some specific tips that may help avoid security problems.

  • Uninstall any Adobe Reader version earlier than 9,  and install version 9.
  • With ver. 9 go to the Edit/Preferences menu. Make sure that Security(Enhanced) is turned on; (Adobe ships it turned off).
  • Launch the Updater and be sure you’re checking for updates, install updates ASAP.
  • Go to Trust Manager and uncheck the option for “Allow opening of non-PDF file attachments.”
  • Finally, unless you know you need JavaScript in your Acrobat documents, disable JavaScript.
  • RB- Don’t go to ver. 10, I hate it.
Related articles
  • Iranian Nuclear Program Used as Lure in Flash-based Targeted Attacks (pcworld.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
| February 9, 2011
Comments Off on Who Moved My SPAM?

Who Moved My SPAM?

Who Moved My SPAM?Analysis of the spam trends by security vendor Commtouch reveals a significant drop in global spam levels according to the Help Net Security.  The article says that the average spam level for Q4 2010 was 83% down from 88% in Q3 2010. The beginning of December saw a low of nearly 74%.

The New York Times also noted the decline in SPAM during Q4 2010. The NYT cites data from MessageLabs that global spam volumes dropped to about 30 billion messages a day from about 70 billion before Christmas. MessageLabs says the decline added to a downward trend underway since August when spam peaked at some 200 billion spam messages a day or 92.2 percent of all e-mail.

There are several theories why SPAM is drying up. One theory in the NYT article for why the botnets stopped spamming is that an important source of business may have dried up. September 2010 saw the Russians close down SpamIt, the organization allegedly behind much of the world’s pharmacy spam. Without SpamIt, “at least for now, there’s no content to fill the spamming cannons that Rustock has,” John Reid, of Spamhaus, a nonprofit group that tracks spammers, told the NYT.SPAM Volume; Global Projections

Another theory put forward is that the botnet operators are intimidated. The NYT reports that in addition to going after SpamIt, Russian authorities recently arrested two spammers in Taganrog, in southern Russia, who had a database of nearly two billion United States and European Union e-mail addresses they had used to spread malicious programs, according to the HostExploit blog. “Even if the people were unrelated, the chilling effect of arrests can cause others to lay low for a while,” Mr. Reid said, adding, “But all this is speculation.”

MessageLabsMatt Sergeant, a senior anti-spam technologist at MessageLabs, a unit of the security software maker Symantec (SYMC) wrote in a blog post, “Did the people in charge of these botnets suddenly go on vacation? Currently, there are no explanations on why these botnets stopped spamming.”

Another theory could be that SPAMmers are changing tactics. The botnet operators seem to be shifting their focus to more lucrative social networking and mobile channels. Jamie Tomasello, Abuse Operations Manager at Cloudmark, told Help Net Security that these platforms allow SPAMmers to reach more responsive recipients compared with traditional email messages.

In a survey of Facebook users by F-Secure, the anti-malware firm, found that social networking spam is now a problem for three out of four Facebook users reported by ITNewsLink. F-Secure also found that 78 percent think spam is a problem on the site and 49 percent report they often see something in their newsfeed that they consider spam.

CloudmarkMs. Tomasello explains that technically, a botnet can send any kind of content and so they are increasingly being used to send messages that spoof content from social networking sites. This works in a similar way to email phishing attacks, where a message would drive the recipient to a malicious payload, or to a website to capture the recipient’s social network credentials. The cybercriminal could then log in to the social networking site with the compromised credentials and send spam via the platform to the compromised recipient’s friends.

Cloudmark’s Tomasello says that these messages can be much more convincing than email spam messages because social networks, and the friends a user is connected with, are often well trusted. Once a cybercriminal has compromised credentials they will use them to try to gain access to other e-commerce, social network, email, or bank accounts, because many internet users use the same username and password combination across multiple websites.

Mobile devices are also seeing increased threats. Gareth Maclachlan, Chief Operating Officer of AdaptiveMobile, a mobile security firm told ITnewslink “With the increasing pervasiveness of Smartphone devices, 2010 has undoubtedly been the year that fraudsters have truly turned their attention to mobile platforms.” Mr. Maclachlan continues:

With Smartphone penetration reported to reach 37 per cent in Europe and 44 per cent in the US by 2012, we predict that the number of threats targeted at unsuspecting mobile users will continue to increase at an exponential rate throughout the course of 2011. Even more significantly, the nature of the threats we are seeing will increase in sophistication. … next year will see the emergence of the ‘compound threat’ – intelligent scams designed to exploit multiple phone capabilities in order to reap maximum reward for the criminals, before the user even realises they have become a victim.

rb-

My SPAM data tracks what the big boys are saying. The average number of SPAM emails I receive has dropped to a near record-low 12.3 SPAM messages per day in January 2011 from a high of 77.5 SPAM messages in May of 2009.  The record low monthly average was 11.0 SPAM messages in May 2010. The number of SPAM messages I get on my Blackberry has been minimal, but the number of junk emails I get even though LinkedIn has climbed.

Monthly SPAM Averages

Are SPAMmers taking a break or reloading?

What are you doing to prevent SPAM on mobile devices?

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
| July 13, 2010
Comments Off on Free Antivirus Rules Market

Free Antivirus Rules Market

Free Antivirus Rules MarketOPSWAT, Inc. a provider of integration technologies to software developers and vendors recently released a report on the use of antivirus applications. According to the report, free products control 42% of the product market, and vendors that primarily offer a free product have a 48% market share.

The top 10 Windows antivirus applications for January to May 2010 according to OPSWAT were:

  • avast! Free Antivirus 11.45%
  • Avira AntiVir Personal – Free Antivirus 9.19%
  • AVG AntiVirus Free 8.6%
  • Microsoft Security Essentials 7.48%
  • avast! Antivirus 5.4%
  • Kaspersky Internet Security 4.48%
  • Norton AntiVirus 4.24%
  • ESET NOD32 Antivirus 3.84%
  • avast! Antivirus Professional 3.5%
  • McAfee VirusScan 3.26%

opswat AV market share graph 2010

This data indicates that free products account for 42% of the market. From a vendor perspective, European vendors, total just over 50% of the market which include:

  • AVAST,
  • Avira,
  • AVG,
  • ESET,
  • Panda,
  • BitDefender,
  • G Data and
  • Sophos.

Whereas US-based vendors, make up just over 30% include:

Vendors that primarily offer a free product have a 48% market share.

The top 10 Windows antivirus vendors by market share for January to May 2010 according to OPSWAT were:

rb-

According to the firm’s website, OPSWAT collected information from tens of thousands of volunteers out of the 50 million endpoints that use the OESIS Framework and the free Am I OESIS OK? online utility with which end users can check the interoperability and quality level of their applications.  I have said this before, with other fun factoids like this, the adoption rate of the vendor’s tools may skew the results. Nonetheless, it is notable that

  • Microsoft, not usually seen as a security vendor has captured a significant share with their recent anti-virus solutions and could be a legitimate challenger to pure-play security players Symantec and McAfee.
  • Symantec and McAfee who are often seen as the top choices in the U.S. do not do well in this list. This data seems to show that AV competition is alive and well in the highly fragmented consumer sector.
  • The fragmented marketplace may help keep innovation active in the AV market, which is a good thing in the face of the increasing variety of threats from malware.

So despite the claims of this or that vendor to dominate a market based on sales numbers, the OPSWAT data seems to show that end-users have developed a degree of trust in free antivirus applications to keep them secure as they do with paid antivirus.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
| March 27, 2010
Comments Off on Detroit Least Risky Online City

Detroit Least Risky Online City

Detroit Least Risky Online City Symantec has declared Detroit as the least risky online city in America. In a joint study with Sperling’s BestPlaces, Symantec released a report Norton’s Top 10 Riskiest Online Cities The U.S. cities under the greatest threat from cybercrime (PDF) (03-22-10) of the 50 riskiest places in America to be online and at the bottom of the list is Detroit.

DetroitThe report indicates that Detroit is the least risky online city, with residents less likely to take part in risky online behavior. Detroit has low levels of Internet access, expenditures on computer equipment, and wireless Internet access. The city also ranked low in cybercrime, wireless Internet access, and Internet access generally compared to other cities. El Paso, Texas, and Memphis were the second and third safest cities, respectively as reported by eWeek.

Data from several sources were used to determine the rankings. The data came from Symantec Security Response as well as third-party data about online behavior, such as accessing WiFi hot-spots and online banking. Each city was scored across several categories. For example the number of malicious attacks per capita, prevalence of Internet use, and the number of bot-infected machines per capita.

Symantec logoDetroit ranked last in all categories including:

  • Individual cybercrimes,
  • WiFi and hotspots per capita,
  • Annual expenditures per household on Internet Access and Computers,
  • Adult Internet use.

rb-

Up is down and down is up in Detroit. These are not promising statistics for Detroit. The depression “global financial crisis” has ravaged Detroit and southeastern Michigan for the past 11 years. These results are just another indicator of how far Detroit has fallen. Low levels of Internet access, not buying computer equipment along with slow and limited wireless Internet access cause the city to rank low in cybercrime. This is just like driving a car, the more you drive the more risks you take. Until the Motor City gets on the information super-highway there is little chance of Detroit moving forward.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , ,
« Older Entries   Recent Entries »